CNNVD-202506-2559 Information
CNNVD ID
CNNVD-202506-2559
Related CVE
- CNNVD Published: 2025-06-19
Description
Apache Traffic Server (ATS) is a scalable HTTP proxy and cache server from the Apache Software Foundation (United States). Apache Traffic Server (ATS) versions 10.0.0 through 10.0.5 and 9.0.0 through 9.2.10 contain a resource management error vulnerability: the ESI plugin does not limit the maximum inclusion depth, which can lead to excessive memory consumption.
Hazard Level
Medium
Vulnerability Type
Resource management error
Affected Vendor
Apache
Published
2025-06-19
Last Modified
2026-02-24
References
https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8
https://access.redhat.com/security/cve/cve-2025-49763
https://vigilance.fr/vulnerability/Apache-Traffic-Server-overload-via-ESI-Plugin-Maximum-Inclusion-Depth-47524
Patch
https://trafficserver.apache.org/downloads